1. Technical Field
The present disclosure relates to network troubleshooting and more specifically to network mapping with dynamic session maps.
2. Introduction
The growing complexity of computer networks presents significant challenges for network administrators. Charged with the responsibility of managing and troubleshooting a network, network administrators must often comb through voluminous logs of data and test numerous elements in the network to identify and correct even a minor issue in the network. Sifting the evidence and locating the issue, among such a magnitude of information and elements, can quickly become a daunting task. Thus, to facilitate the troubleshooting process, network administrators frequently rely on session maps.
To create a session map, a network administrator first generates a list of every piece of equipment and communication involved. The network administrator then uses this information to create a graphical representation of the equipment and communications involved. This is typically done using network sniffers, which intercept and log traffic on a network. For instance, as messages traverse the network, the network sniffer captures each packet, logs the packet's data, and analyzes its contents. A user can then review the information exchanged and analyze the network.
However, even with a network sniffer, identifying every piece of equipment and communication involved in a problem can be extremely difficult, particularly in larger networks and with dynamic signaling schemes. For example, it is generally not possible to predict what elements in a network are going to be involved in a communication session. As a result, it is also generally not possible to predict where a network sniffer is going to be needed.
Even when a node is known to be involved, identifying the relevant information can be very challenging, since a node will typically handle a large number of packets, many of which may not be relevant to the session of interest, and it may not be practical or possible to silence other network traffic. While in some cases separating irrelevant packets is as simple as filtering by a port and a source and destination IP address, in many cases such filtering is not possible, particularly when dealing with signaling nodes that use a fixed port for all signaling. Performing a comprehensive sniff may otherwise be unfeasible, at least as a permanent solution. Further, logging everything, everywhere, all the time does not scale well unless the logging is restricted to what is perceived to be key information, yet such restricted logging would yield an insufficient amount of data to diagnose network problems.